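Copyright notice: please credit the source when reposting! https://blog.csdn.net/ywd1992/article/details/89467207
For how to install MongoDB, see this document: https://blog.csdn.net/ywd1992/article/details/81947357
1. Log in to the config server and add a user (on the primary node)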
/usr/local/mongodb/bin/mongo --port 21000
Switch to the admin database and add a new user
use admin
- Change user and pwd to suit your own needs
db.createUser(
{
user: "csdn",
pwd: "123456",
roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase", "clusterAdmin"]
}
)
You should see the following success message
Successfully added user: {
"user" : "csdn",
"roles" : [
"userAdminAnyDatabase",
"dbAdminAnyDatabase",
"readWriteAnyDatabase",
"clusterAdmin"
]
}
2. Log in to shard server1 and add a user (on the primary node)
/usr/local/mongodb/bin/mongo --port 27001
Switch to the admin database and add a new user
use admin
- Change user and pwd to suit your own needs
db.createUser(
{
user: "csdn",
pwd: "123456",
roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase", "clusterAdmin"]
}
)
You should see the following success message
Successfully added user: {
"user" : "csdn",
"roles" : [
"userAdminAnyDatabase",
"dbAdminAnyDatabase",
"readWriteAnyDatabase",
"clusterAdmin"
]
}
3. Log in to shard server2 and add a user (on the primary node)
/usr/local/mongodb/bin/mongo --port 27002
Switch to the admin database and add a new user
use admin
- Change user and pwd to suit your own needs
db.createUser(
{
user: "csdn",
pwd: "123456",
roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase", "clusterAdmin"]
}
)
You should see the following success message
Successfully added user: {
"user" : "csdn",
"roles" : [
"userAdminAnyDatabase",
"dbAdminAnyDatabase",
"readWriteAnyDatabase",
"clusterAdmin"
]
}
4. Log in to shard server3 and add a user (on the primary node)
/usr/local/mongodb/bin/mongo --port 27003
Switch to the admin database and add a new user
use admin
- Change user and pwd to suit your own needs
db.createUser(
{
user: "csdn",
pwd: "123456",
roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase", "clusterAdmin"]
}
)
You should see the following success message
Successfully added user: {
"user" : "csdn",
"roles" : [
"userAdminAnyDatabase",
"dbAdminAnyDatabase",
"readWriteAnyDatabase",
"clusterAdmin"
]
}
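5. Generate and configure the key file
- Generate it on any node and send it to the other nodes in the cluster
- Create the key directory on all nodes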
mkdir /usr/local/mongodb/key
- Pick any node in the cluster, generate the key file there and distribute it to the other nodes
openssl rand -base64 756 >/usr/local/mongodb/key/mongo_auth.key
scp /usr/local/mongodb/key/mongo_auth.key [email protected]:/usr/local/mongodb/key/
scp /usr/local/mongodb/key/mongo_auth.key [email protected]:/usr/local/mongodb/key/
- Set the permissions on the key file on all nodes
chmod 0600 /usr/local/mongodb/key/mongo_auth.key
- Add the security settings to the configuration files
Add the setting to the mongos configuration file (all nodes)
vim /usr/local/mongodb/conf/mongos.conf
Note the yml file format: two spaces are written in front
keyFile=/usr/local/mongodb/key/mongo_auth.key
Add the following to the config and shard configuration files respectively (all nodes)
vim /usr/local/mongodb/conf/config.conf
vim /usr/local/mongodb/conf/shard1.conf
vim /usr/local/mongodb/conf/shard2.conf
vim /usr/local/mongodb/conf/shard3.conf
auth=true
keyFile=/usr/local/mongodb/key/mongo_auth.key
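An added example, not part of the original post: shell helpers that create the key file with mode 0600 from the start (the commands in step 5 create it under the shell's current umask and only chmod it after copying) and check a key file against MongoDB's keyFile rules (6 to 1024 base64 characters, no group or other permissions). The function names and the /dev/urandom fallback are assumptions of this example.

```shell
# Added example, not from the original post. Function names are hypothetical.

# make_keyfile PATH: write a 756-byte random key, base64-encoded, with the file
# created under umask 077 so it is never readable by group or others.
make_keyfile() {
    (
        umask 077
        if command -v openssl >/dev/null 2>&1; then
            openssl rand -base64 756
        else
            head -c 756 /dev/urandom | base64   # assumed fallback, same key size
        fi > "$1"
    )
}

# check_keyfile PATH: print "ok" and return 0, or print the reason and return 1.
check_keyfile() {
    [ -f "$1" ] || { echo "missing"; return 1; }
    # Octal mode: GNU stat first, BSD stat as fallback.
    kf_mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$kf_mode" in
        [0-7]00) ;;                                  # owner-only access
        *) echo "bad-mode:$kf_mode"; return 1 ;;
    esac
    # MongoDB ignores whitespace in the key, so strip it before measuring.
    kf_body=$(tr -d '[:space:]' < "$1")
    if [ "${#kf_body}" -lt 6 ] || [ "${#kf_body}" -gt 1024 ]; then
        echo "bad-length:${#kf_body}"; return 1
    fi
    case "$kf_body" in
        *[!A-Za-z0-9+/=]*) echo "bad-charset"; return 1 ;;   # base64 set only
    esac
    echo "ok"
}
```

Run check_keyfile on every node after the scp step; mongod refuses to start with a key file whose permissions are too open.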
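6. Verify
- After changing the configuration, all existing services must first be killed and restarted for the configuration to take effect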
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/config.conf
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/shard1.conf
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/shard2.conf
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/shard3.conf
/usr/local/mongodb/bin/mongos -f /usr/local/mongodb/conf/mongos.conf
- Log in to mongo from any node
mongo --host 192.168.0.101 --port 20000
- Switch to the admin database and run show dbs first: either nothing is listed or an error is reported
use admin
show dbs
- Now authenticate as the user we just added and run show dbs again: all databases are now visible
db.auth("csdn","123456")